[jdk11u-dev] RFR: 8245245: WebSocket can lose the URL encoding of URI query parameters [v4]
Severin Gehwolf
sgehwolf at openjdk.org
Mon Dec 19 10:36:57 UTC 2022
On Sun, 18 Dec 2022 18:00:05 GMT, Michal Karm Babacek <duke at openjdk.org> wrote:
>> Proposes to backport [JDK-8245245](https://bugs.openjdk.org/browse/JDK-8245245).
>>
>> The backport is clean as far as the actual `OpeningHandshake.java` goes. The test needed a little tweak so as to compile with `SimpleSSLContext` and also to handle the fact that the erroneous response does not bring a response body.
>>
>> The test passes with the patch, fails without it.
>>
>>
>> $ make clean run-test TEST="jtreg:test/jdk/java/net/httpclient/websocket/HandshakeUrlEncodingTest.java"
>> ...
>> ==============================
>> Test summary
>> ==============================
>> TEST TOTAL PASS FAIL ERROR
>> jtreg:test/jdk/java/net/httpclient/websocket/HandshakeUrlEncodingTest.java
>> 1 1 0 0
>> ==============================
>> TEST SUCCESS
>>
>> Stopping sjavac server
>> Finished building targets 'clean run-test' in configuration 'linux-x86_64-normal-server-release'
>>
>> In addition to that, I compiled and executed the original `WebSocketTest.java` reproducer found on [JDK-8245245](https://bugs.openjdk.org/browse/JDK-8245245) JIRA.
>>
>>
>> ## Unpatched Temurin-11.0.17+8 ❌
>>
>> $ java WebSocketTest
>> Http Request
>> http://localhost:8000/?raw=abc+def/ghi=xyz&encoded=abc%2Bdef%2Fghi%3Dxyz
>> Server RequestURI: /?raw=abc+def/ghi=xyz&encoded=abc%2Bdef%2Fghi%3Dxyz
>> WebSocket Request
>> ws://localhost:8000/?&raw=abc+def/ghi=xyz&encoded=abc%2Bdef%2Fghi%3Dxyz
>> Server RequestURI: /?&raw=abc+def/ghi=xyz&encoded=abc+def/ghi=xyz
>>
>>
>> ## Patched jdk11u ✔
>>
>> $ java WebSocketTest
>> Http Request
>> http://localhost:8000/?raw=abc+def/ghi=xyz&encoded=abc%2Bdef%2Fghi%3Dxyz
>> Server RequestURI: /?raw=abc+def/ghi=xyz&encoded=abc%2Bdef%2Fghi%3Dxyz
>> WebSocket Request
>> ws://localhost:8000/?&raw=abc+def/ghi=xyz&encoded=abc%2Bdef%2Fghi%3Dxyz
>> Server RequestURI: /?&raw=abc+def/ghi=xyz&encoded=abc%2Bdef%2Fghi%3Dxyz
>>
>> The patched version correctly leaves the latter part of the query param encoded.
>
> Michal Karm Babacek has updated the pull request incrementally with one additional commit since the last revision:
>
> Adds comment about [JDK-8240666]
test/jdk/java/net/httpclient/websocket/HandshakeUrlEncodingTest.java line 127:
> 125: final String expectedRawQuery = "&raw=abc+def/ghi=xyz&encoded=abc%2Bdef%2Fghi%3Dxyz";
> 126: assertEquals(rawQuery, expectedRawQuery);
> 127: // [JDK-8240666] Websocket client's OpeningHandshake discards the HTTP response body
A better comment would be: `JDK-8240666 is not currently in 11u unlike later JDKs and we, therefore, need to check whether or not a body is present. This is OK as previous assertions verify a fix of JDK-8245245`. Something like that.
-------------
PR: https://git.openjdk.org/jdk11u-dev/pull/1558
More information about the jdk-updates-dev
mailing list